Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

What is OpenMRS

OpenMRS is an electronic medical record platform. Basically we provide an API and data model for storing and analyzing patient-level data, and a reference application that's used in 40+ mostly-developing countries. The system includes "core" code and pluggable "modules" that allow very powerful extensions of functionality, and UI-level customization.

OpenMRS Web Services

In the past, people have written several web service modules for OpenMRS, but they've never had enough high-level design or buy-in.

Now, for the first time, we're dedicating our core development team to doing web services right. We need to build a module that exposes our API over web services, in a way that we will support going forwards, and with a design we're proud of.

Caveat: we have very little expertise with web services.

We did a first pass at designing a web service API that was going to be exposed via both REST and SOAP using Apache CXF. We talked to Ola Bini a month ago and he told us (nicely) that this was all wrong, and we needed to learn about REST, resources, and representations. So we bought a couple copies of REST in Practice, and completely re-did our design. We feel pretty happy with our new design, but we really need expert feedback to tell us whether or not we're on the right track, and what we should do differently. Hopefully this time the answer isn't "everything". :-)

Version 1 Requirements

We polled the broader OpenMRS community, and came up with a list of User Stories to include in Version 1 of the module. Very concisely they are:

  • Get a "patient summary" (i.e. a big chunk of data about a patient, their clinical encounters, etc)
  • Create a new encounter or edit an existing encounter for a patient (e.g. for mobile data entry)
  • Manage and list a named group of patients (to support downloading summaries of "My patients" to a phone)
  • Let an external laboratory system look up patients and metadata in OpenMRS (e.g. the lab system fetches a patient, location, and user so that it can create an encounter in OpenMRS)
  • Migrate data from legacy systems

Design Thoughts and Questions

The API we are going to expose in our 1.0 pass at web services is entirely about doing CRUD on a data store. We're not dealing with any application flow or business logic. As such we will aim for level 2 of the Richardson Maturity Model (described by Martin Fowler here) and ignore the idea of embedding state transitions in our resources. Is this a mistake?

We will allow Spring to automatically transform our results to json or xml depending on the HTTP request. This probably prevents us from having a proper DAP or XSD. Is this a mistake?

We'll be following (mostly) standard practice with HTTP methods for domain object CRUD:

  • Create: POST /ws/rest/patient
    • success: 201 CREATED with Location: "uri-of-created-resource", content: default representation of created object
    • failure: 400 or 500
  • Search: GET /ws/rest/patient?q=name+or+identifier
    • success: 200 OK with a list of minimal patient representations as content
    • failure: not really possible
  • Retrieve: GET /ws/rest/patient/uuid.json
    • success: 200 OK with content: default json representation of patient
    • no patient found for given uuid: 404 NOT FOUND
  • Retrieve: GET /ws/rest/patient/uuid.json?v=full
    • like above, but a "full" representation (e.g. also containing a list of encounters)
  • Update: POST /ws/rest/patient/uuid with the request content the properties we want to change on the object
    • e.g. to change a patient's birthdate you'd POST { "birthdate": "1978-05-24", "birthdateEstimated": false }
    • does this seem okay, rather than using PUT with the complete object?
    • success: 204 NO CONTENT
    • no patient found for given uuid: 404 NOT FOUND
    • failure: 400 or 500
  • Soft Delete: DELETE /ws/rest/patient/uuid
    • success: 204 NO CONTENT (includes the case where the patient is already voided)
    • no patient found for given uuid: 404 NOT FOUND
    • failure: 400 or 500
  • Hard Delete: DELETE /ws/rest/patient/uuid?purge=true
    • actually deletes an entity from the database
    • is there a better way to indicate this special, rarely-used method?
    • success: 204 NO CONTENT
    • no patient found for given uuid: 204 NO CONTENT (treat as success, because DELETE is idempotent)
    • failure: 400 or 500 (depending on whether it's an APIException)

Our domain objects are often large (a patient and all their encounters and clinical observations), and contain lots of rarely-interesting book-keeping information (creator, date created, etc), and we expect many clients to be bandwidth-limited. Therefore we want to allow clients to fetch different representations of any resource. For example:

  • /ws/rest/patient/uuid.json -> default representation, only including the patient's preferred name, not including audit info
  • /ws/rest/patient/uuid.json?v=full -> representaion including all their names, all audit info, etc
  • /ws/rest/patient/uuid.json?v=fullwithencounters -> full representation plus summaries of all the patient's encounters (this is big)
    Is this appropriate? If so, what's the right terminology for this? If not, what alternate approach should we be taking?

We also introduce the idea of a "Ref", which is a minimal representation of any object, just containing its uuid, a displayable string, and a URI link to the full resource. So for example if I fetch the default representation of a patient, I might get this:

{
"personAddress" : {
    "uuid" : "3350d0b5-821c-4e5e-ad1d-a9bce331e118",
    "display" : "1050 Wishard Blvd., RG5, Indianapolis, IN",
    "uri" : "http://.../ws/rest/personaddress/3350d0b5-821c-4e5e-ad1d-a9bce331e118"
  },
/\* more stuff \*/
}

Whereas if I fetch the full representation of a patient I might get:

{
"personAddress" : {
    "uuid" : "3350d0b5-821c-4e5e-ad1d-a9bce331e118",
    "address1" : "1050 Wishard Blvd.",
    "address2" : "RG5",
    "cityVillage" : "Indianapolis",
    "stateProvince" : "IN",
    "uri" : "http://.../ws/rest/personaddress/3350d0b5-821c-4e5e-ad1d-a9bce331e118"
  },
/\* more stuff \*/
}

A more relevant example of this is that an encounter might contain 100 observations. The default encounter representation would just include a displayable "weight = 70", whereas the full encounter representation would include full details about the "weight" question (e.g. that it's unit is "kg", its range is 0-250, etc).

Is this okay, or is this some sort of anti-pattern that's going to get us into trouble?

We also have the idea of "sub-resources". Take the example of a "Program" (e.g. "Tuberculosis Treatment Program") and a "Program Enrollment" (i.e. a patient may be enrolled in a program from date X to date Y). Our plan is that:

  • A patient's program enrollment has a top-level URI /ws/rest/enrollment/uuid (i.e. it's not included within the patient)
  • To see what programs a patient is enrolled in: GET /ws/rest/patient/patient-uuid/enrollments
  • To see what patients are enrolled in a program: GET /ws/rest/program/program-uuid/patients
  • To enroll a patient in a program you can do either of:
    • POST /ws/rest/patient/patient-uuid/enrollments  // may omit the patient from the request body
    • POST /ws/rest/program/program-uuid/patients  // may omit the program from the request body
    • POST /ws/rest/enrollment  // must specify both patient and program in the request body

Does this sound right?

Authentication

We assume this will be straightforward once we sit down to design it (though probably annoying to implement). Any words of warning? Any examples we should look at or obvious technology terms to search for?

Some Java Code

We've tried to put together a framework that will make it very quick to expose each of our existing domain objects as resources in a standard way, while still giving us flexibility to step out of that pattern if need be.

To create and expose a resource you would have to write two classes:

  • PatientResource (contains one-line implementations of getByUniqueId, save, etc, and descriptions of the available representations)
  • PatientController (contains short methods to connect Spring MVC's request handling to PatientResource)

We've tried to standardize the way we do CRUD via interfaces (Creatable, Retrievable, Updatable, Deletable, Purgeable), and via a base class that helps reflect these interfaces onto our pre-web-service domain objects: DelegatingCrudResource.

  • No labels